The default bug view has changed. See this FAQ.

AES keys don't have CKA_VALUE_LEN

RESOLVED FIXED in 3.7

Status

NSS
Libraries
P1
normal
RESOLVED FIXED
15 years ago
15 years ago

People

(Reporter: Jamie Nicolson, Assigned: Robert Relyea)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(1 attachment)

(Reporter)

Description

15 years ago
AES keys should have the CKA_VALUE_LEN attribute to say how long they are, so
that PK11_GetKeyLength and PK11_GetKeyStrength work properly. I think this
should happen in pkcs11.c:validateSecretKey, where it happens for all the other
variable-length secret key types.
(Reporter)

Comment 1

15 years ago
I should point out I'm using a token symmetric key. Looking into this a little
deeper, I see that pkcs11u.c:pk11_FindSecretKeyAttribute has no code to return
the CKA_VALUE_LEN field. So the problem may be there instead.

Updated

15 years ago
Priority: -- → P1
Target Milestone: --- → 3.7
(Assignee)

Comment 2

15 years ago
I'll add the code, though the NSS's use of CKA_VALUE_LEN appears to be a
non-standard use. Longer term this should be raised with the pkcs #11 working group.

bob
(Assignee)

Comment 3

15 years ago
Created attachment 104016 [details] [diff] [review]
Add CKA_VALUE_LEN to the attributes returned for token secret keys.
(Assignee)

Comment 4

15 years ago
checked into tip.
Status: NEW → RESOLVED
Last Resolved: 15 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.